Jumio CEO: Helping FIs Solve Digital Identity’s ‘Last Mile’ Problem

Jumio Helps FIs Solve ID’s ‘Last Mile’ Problem

As so much of daily life and transactions move online, the digital-first economy is not without its new challenges. For example, the problem of identity theft is widespread — and to get a sense of scale, the Federal Trade Commission (FTC) has estimated that last year, nearly 1.4 million people reported having their identity stolen, a level about twice what had been seen in 2019.

Much of that, perhaps not all that surprisingly, was related to the pandemic. Unemployment scams rose, and the great digital shift helped inject some anonymity into the process. Traditional lines of defense haven’t worked as well as they did when they were under less pressure, and new methods of battle are necessary.

What does that mean? It means companies need to change their onboarding and monitoring processes to make sure they’re not being outfoxed by fraudsters who’ve leveraged bits and pieces of data floating across the net to cobble new identities or pass themselves off as someone they most certainly are not. It was a key topic in an interview PYMNTS’ Karen Webster conducted with Robert Prigge, CEO of digital identity verification company Jumio, who said companies rely too much on knowledge-based authentication (KBA for short) — and, in effect, have left their flanks unguarded.

The waves of data breaches that have dominated headlines through the past several years prove that to an extent, the consumer’s sensitive data are effectively public, Prigge said.

“When you see these statistics about identities being stolen, more often than not it’s because the company or the enterprise, or even the government entity, is just relying on you saying who you are instead of verifying who you really are,” he said.

The databases are only checking out who individuals say they are, Prigge said.

But, he added, the pandemic and the rising sophistication of the fraudsters have underscored that relying on databases to verify identity simply is not enough, especially in an age where the “something you know” standby of data security is on its way out.

If anything, the fraudsters may have better knowledge of you than you do, with the name of your old college dorm at their fingertips, even if you’ve long forgotten it. The criminals, Prigge warned, “have gone online, just like the [legitimate] businesses have … they’re now so sophisticated that they have ‘maps’ of what companies are easy marks and how to get past their defenses.”

And it’s been no easy fix to verify identities while making sure there is not too much friction in the process. Many financial institutions (FIs) don’t have the mix quite right yet, trying to do too much in-house or partnering with a slew of providers that may have been chosen simply on the basis of cost. Or, quite simply, the urgency had not quite yet been there to have the most robust ID solutions in place.

But now, banks have acknowledged that the user experience is critical in the age of contactless, online interactions — and security is critical, too.

“You want the right answer, not the cheapest solution, which unfortunately still influences how some FIs make their purchase decisions,” Prigge said.

There is a lot more than cost to consider, he explained, including tackling the “patch quilt” of regulations and compliance mandates that can differ from country to country (and, as new laws take shape, even state to state) and the software that can detect the fraudsters’ growing prowess with deepfakes.

“The hard problem to crack is knowing you’ve let in the ‘right’ person, and it is almost like a vaccination and an infection analogy — you can’t let in a bad person,” Prigge said. “It can pollute everybody.”

It’s becoming increasingly important for solutions providers to embrace document-centric ID proofing, leveraging government-issued IDs, selfies and biometrics, Prigge told Webster. And as evidence of the greater emphasis being placed on advanced fraud prevention technologies, Jumio announced in March that it received $150 million in funding from Great Hill Partners.

With that funding in hand, Prigge said, the company will increase the artificial intelligence (AI) and the automation surrounding the company’s offerings and build out its platform to fully integrate compliance with digital identity proofing. The firm acquired an anti-money laundering (AML) platform from Beam Solutions last fall to boost its end-to-end identification efforts.

Bringing on Advanced Tech

Bringing more advanced tech — biometrics and liveness detection — more prominently into the mix comes as fraudsters are testing all the lines of firms’ defenses, often at once. It’s not just about onboarding, anymore, he said — FIs must also be focused on preventing account takeover.

The payoffs for enhancing identity verification techniques can be significant. Jumio’s own data show that new account fraud based on ID verification fell by more than 23 percent globally in 2020 versus 2019, even as overall fraud increased.

By virtue of requiring an ID and a selfie as part of the identity proofing process, Jumio saw 80 percent less fraud compared to customers who only required a government-issued ID.

With a nod toward best practices, Prigge said robust verification solutions offer clear step-by-step instructions to end users, making sure that the identity verification process is done as easily as possible.

The continuous challenge, Prigge said, is solving the “last-mile problem” of identity verification, taking analog identity and rendering it in digital format. (He noted that once the information has been digitized it can be reshared, efficiently, across other use cases.)

Looking ahead, he said, each facet of a user’s online life will have its own “identity.” Prigge predicted that an individual’s credit card activity will have its own identity, their social media will have a concrete identity — and in the meantime, the fragmentation of identity verification solutions providers will be a thing of the past, swept up in a wave of consolidation.

“The power of the internet used to be anonymity,” Prigge told Webster, “and now it’s identity because now people understand that virtually every account you create has power and money behind it … we’re the cop on the beat.”